Privacy & data handling

AccessProof scans a merchant's public storefront for accessibility issues and helps produce an accessibility statement. This page explains what data we process and how.

What we store

What we do NOT store

EU data residency (GDPR)

Data is stored and processed in the EU. Our database (Supabase) and email provider (Resend) run in EU regions, and the application is hosted in the EU.

Subprocessors

Data subject & compliance requests

We implement Shopify's mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact). Because we store no shopper PII, customer requests return no personal data. On app uninstall and on shop/redact, we delete the shop's data (scans, issues, jobs, statements, sessions).

Retention

We keep recent scans to show trends and detect regressions, and prune older data. As no PII is stored, retention risk is minimal.

Honesty about scope

Automated testing detects only a portion of accessibility barriers. AccessProof helps you find, fix, and document issues. It does not guarantee legal compliance and is not a substitute for manual evaluation.

Contact

Questions about data handling: [email protected].

Last updated: 2026.